1

We are generating an XML SOAP message but the receiving gateway (EMIS) responds with a message to say the signature is invalid:

    INVALID_REQUEST Invalid digital signature

If we run verification against the SOAP payload, like so:

    DOMValidateContext valContext = new DOMValidateContext(new X509KeySelector(publicKey), signatureNode);
    Element elTS = (Element) ts;
    // Register wsu:Id as an ID attribute so the #Timestamp-1 reference can be resolved
    valContext.setIdAttributeNS(elTS, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
    XMLSignature signature = fac.unmarshalXMLSignature(valContext);
    // Core validation: the SignatureValue plus every Reference digest
    signatureIsValid = signature.validate(valContext);
    if (signatureIsValid == false) {
        // Check the SignatureValue on its own
        boolean sv = signature.getSignatureValue().validate(valContext);
        if (sv == false) {
            // Check each Reference digest on its own
            Iterator i = signature.getSignedInfo().getReferences().iterator();
            for (int j = 0; i.hasNext(); j++) {
                Reference ref = ((Reference) i.next());
                boolean refValid = ref.validate(valContext);
            }
        }
    }

Then the message is:

    URI:#Timestamp-1
    **** #Timestamp-1 validity status: true
    Verification returned:false

The signature pathway is:

    SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
    WSSecHeader secHeader = new WSSecHeader(doc);
    secHeader.insertSecurityHeader();

    WSSecSignature builder = new WSSecSignature(secHeader);
    builder.setUserInfo(KEY_ALIAS, KEY_ENTRY_PASS);

    // Reference the signing certificate through a BinarySecurityToken
    builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builder.setAddInclusivePrefixes(true);

    // Sign only the Timestamp element
    WSEncryptionPart tsEP = new WSEncryptionPart(ts.getId());
    builder.getParts().add(tsEP);

    LOGGER.info("Signing doc");

    Document signedDoc = builder.build(crypto);

Any ideas?

garryj

0 Answers